aboutsummaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2017-09-12 21:31:59 -0400
committerNick Mathewson <nickm@torproject.org>2017-09-12 21:32:42 -0400
commitf9f3014ce657976aa81dc6c1fae9175f9b1f9c20 (patch)
tree13e2bf2380e5d77bb72f8fe45e58e0a190e6710f /scripts
parent4ff170d7b1cbe4074cb85271b82a8963eccc8286 (diff)
downloadtor-f9f3014ce657976aa81dc6c1fae9175f9b1f9c20.tar.gz
tor-f9f3014ce657976aa81dc6c1fae9175f9b1f9c20.zip
Add more checkers to scan-build.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/test/scan-build.sh60
1 files changed, 41 insertions, 19 deletions
diff --git a/scripts/test/scan-build.sh b/scripts/test/scan-build.sh
index 765297ee69..fdd1c7a4f8 100755
--- a/scripts/test/scan-build.sh
+++ b/scripts/test/scan-build.sh
@@ -5,7 +5,46 @@
# This script is used for running a bunch of clang scan-build checkers
# on Tor.
-CHECKERS=""
+# These don't seem to cause false positives in our code, so let's turn
+# them on.
+CHECKERS="\
+ -enable-checker alpha.core.CallAndMessageUnInitRefArg \
+ -enable-checker alpha.core.CastToStruct \
+ -enable-checker alpha.core.Conversion \
+ -enable-checker alpha.core.FixedAddr \
+ -enable-checker alpha.core.IdenticalExpr \
+ -enable-checker alpha.core.PointerArithm \
+ -enable-checker alpha.core.SizeofPtr \
+ -enable-checker alpha.core.TestAfterDivZero \
+ -enable-checker alpha.security.MallocOverflow \
+ -enable-checker alpha.security.ReturnPtrRange \
+ -enable-checker alpha.unix.BlockInCriticalSection \
+ -enable-checker alpha.unix.Chroot \
+ -enable-checker alpha.unix.PthreadLock \
+ -enable-checker alpha.unix.PthreadLock \
+ -enable-checker alpha.unix.SimpleStream \
+ -enable-checker alpha.unix.Stream \
+ -enable-checker alpha.unix.cstring.BufferOverlap \
+ -enable-checker alpha.unix.cstring.NotNullTerminated \
+ -enable-checker alpha.valist.CopyToSelf \
+ -enable-checker alpha.valist.Uninitialized \
+ -enable-checker alpha.valist.Unterminated \
+ -enable-checker security.FloatLoopCounter \
+ -enable-checker security.insecureAPI.strcpy \
+"
+
+# These have high false-positive rates.
+EXTRA_CHECKERS="\
+ -enable-checker alpha.security.ArrayBoundV2 \
+ -enable-checker alpha.unix.cstring.OutOfBounds \
+ -enable-checker alpha.core.CastSize \
+"
+
+# These don't seem to generate anything useful
+NOISY_CHECKERS="\
+ -enable-checker alpha.clone.CloneChecker \
+ -enable-checker alpha.deadcode.UnreachableCode \
+"
scan-build \
$CHECKERS \
@@ -18,27 +57,10 @@ scan-build \
make -j5 -k
CHECKERS="\
- -disable-checker deadcode.DeadStores \
- -enable-checker alpha.core.CastSize \
- -enable-checker alpha.core.CastToStruct \
- -enable-checker alpha.core.IdenticalExpr \
- -enable-checker alpha.core.SizeofPtr \
- -enable-checker alpha.security.ArrayBoundV2 \
- -enable-checker alpha.security.MallocOverflow \
- -enable-checker alpha.security.ReturnPtrRange \
- -enable-checker alpha.unix.SimpleStream
- -enable-checker alpha.unix.cstring.BufferOverlap \
- -enable-checker alpha.unix.cstring.NotNullTerminated \
- -enable-checker alpha.unix.cstring.OutOfBounds \
- -enable-checker alpha.core.FixedAddr \
- -enable-checker security.insecureAPI.strcpy \
- -enable-checker alpha.unix.PthreadLock \
- -enable-checker alpha.core.PointerArithm \
- -enable-checker alpha.core.TestAfterDivZero \
"
# This one gives a false positive on every strcmp.
# -enable-checker alpha.core.PointerSub
# Needs work
-# alpha.unix.MallocWithAnnotations ??
+# -enable-checker alpha.unix.MallocWithAnnotations